E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants

Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


Source: Edmonton Journal

Posted on May 9, 2007

      Companies may soon be forced to tell Canadians when their personal information is lost or stolen by identity thieves under recommendations released Wednesday by a parliamentary committee moving to strengthen federal privacy laws.

      Companies that suffer a security breach should be required to inform the federal privacy commissioner, who will then decide whether the loss is serious enough to inform the people affected, said the report by MPs on the privacy and ethics committee.

      But the report doesn't call for mandatory notification by retailers, banks and other organizations of every security breach.

      Canada's major banks and retail organizations have been fighting for months to prevent the government from requiring mandatory notification. The private sector argues consumers are already informed about breaches when deemed necessary, and that to make it mandatory could leave Canadians with "notification fatigue."

      "Currently, organizations have the flexibility they need to be able to address each situation, understanding that each is different and tailoring their response accordingly," Maura Drew-Lytle, senior manager of media relations at the Canadian Bankers Association, said in an e-mail Wednesday.

      Legislation, she added, could create "a disclosure framework that might not be appropriate" in every situation. But federal privacy commissioner Jennifer Stoddart has argued Ottawa should require the private sector to report security breaches as a way to protect consumers from identity theft and other problems.

      Stoddart had previously said such a requirement isn't necessary, but changed her mind after news of several high-profile breaches earlier this year involving Winners, HomeSense and the Canadian Imperial Bank of Commerce. Stoddart was unavailable for comment Wednesday.

      The recommendations are part of a mandatory review of the Personal Information Protection and Electronic Documents Act, which protects how companies use and disclose personal information they collect from consumers and employees.

      The committee is also asking the federal government to remove a section of the act that lets businesses and other organizations collect and use personal information of Canadians without their knowledge or consent. "It is the new collection power that is most troubling to privacy advocates," the report says.

      The provision was added in 2004, pursuant to the Public Safety Act, in response to the terrorists attacks of Sept. 11, 2001, and has come under fire from privacy advocates who say it violates the rights of Canadians. Stoddart urged the committee to remove the provision, saying it "has the undesirable effect of deputizing the private sector to carry out law enforcement activities without the corresponding public accountability," said the committee's report.

Other highlights of the report's recommendations:

      - Updating the act to clearly define how organizations should properly dispose of sensitive paper records and electronic documents.

      - Allowing businesses and other third parties to disclose personal information to certain authorities or next of kin without permission in emergencies or other "public interest" cases.

      - Studying whether specific rules are needed to protect how children's personal information is collected, used and revealed on the Internet or in other commercial contexts.

      Industry Minister Maxime Bernier hadn't received the report Wednesday afternoon.

      Spokesman Marc-Andre Plouffe noted the minister has 120 days to respond to the report and indicate whether the government intends to adopt some, none, or all of the committee's recommendations.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.